Solved

Windows Server 2008 R2 DataCenter server running Exchange 2010 SP3 generates Schannel Event 36887 - The following fatal error was received:20

Posted on 2016-10-07
2
51 Views
Last Modified: 2016-10-07
Our Exchange server is throwing the above mentioned error continuously without a time pattern.  Often we receive information entries Event ID:7036)  telling us the WinHTTP Web Auto-Discovery Service entered a stopped  (or running) state but not always.
I've seen many articles on the error but many recommend suppressing the error which I'd prefer not to.

Our Exchange Server seems to be running fine but I'd like to find out the root cause that's generating this error.
Thanks in Advance
Exchange-System-Log.png
0
Comment
Question by:mlghelp
2 Comments
 
LVL 29

Expert Comment

by:ScottCha
Comment Utility
I found this as a resolution:

nltest  /SC_QUERY:domainname
nltest  /SC_reset:domainname /server:dcname
netdom reset hostname /domain:domainname /server:dcname

From here:  https://social.technet.microsoft.com/Forums/office/en-US/55d3ef33-caf0-41d3-874d-fc1ad65455cb/event-id-36887-source-schannel-error-the-following-fatal-alert-was-received-0?forum=winservergen
0
 
LVL 38

Accepted Solution

by:
Adam Brown earned 500 total points
Comment Utility
The 36887 error occurs when an end user attempts to access one of the Exchange Virtual Directories using a Crypto Suite that isn't supported by IIS. It's more or less just a user's web browser attempting to create an SSL 1.0 session instead of TLS 1.0. It really isn't a problem that you *can* fix, because it's the client machine trying to use an un-supported encryption method. Most often this happens when people use old versions of IE or non-standard web browsers to access OWA. The recommendations are to suppress the error because that's all you can do about it.
2

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now